Created on 08-04-2009 11:10 AM Edited on 02-05-2024 02:36 AM By Jean-Philippe_P
Description
Solution
Controlling firewall services is part of policy creation. By default, a firewall policy has the 'ANY' service group selected as its group of services.
In this scenario an administrator will group three services to allow.
1. Create a new firewall policy: Firewall > Policy > Create New.
As part of this step, users select which service is allowed, denied or sent through a VPN tunnel. If no new service groups have been created, only the default services listed are available.
2. Administrators have all the FortiGate 'Predefined' services to choose from by default. These can be seen in the Firewall > Service menu.
3. Users can also create a new group in the Firewall > Service menu. This is done by selecting Create New in the Firewall > Service > Group tab.
4. With member services grouped together in a new group, this group can be used in a policy of any action type.
These steps can be applied to an Accept, IPSec, Deny or SSL VPN policy. By default, the policy list is followed by an implicit deny. This means that if no policy has been created to allow a service, that service will not be allowed through the FortiGate.
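To check an existing configuration for accept policies that still use the default 'ANY' service rather than a service group, the following added example (not Fortinet code) parses a configuration backup and expands service groups one level. The sample configuration, the group name "Web-Access" and the function names are constructed for illustration, and the backup is assumed to use the FortiOS CLI `config` / `edit` / `set` / `next` / `end` layout.

```python
import shlex

# Constructed sample in FortiOS CLI backup syntax (not taken from the article).
SAMPLE_CONFIG = """
config firewall service group
    edit "Web-Access"
        set member "HTTP" "HTTPS" "DNS"
    next
end
config firewall policy
    edit 1
        set action accept
        set service "ANY"
    next
    edit 2
        set action accept
        set service "Web-Access"
    next
end
"""
# 'ANY' is the default named in the article; 'ALL' is assumed for newer releases.
WIDE_OPEN = {"ANY", "ALL"}

def parse_section(config, section):
    """Return {entry: {setting: [values]}} for one top-level 'config <section>' block."""
    entries, current, depth = {}, None, 0
    for raw in config.splitlines():
        tok = shlex.split(raw) or [""]
        if tok[0] == "config" and (depth or " ".join(tok[1:]) == section):
            depth += 1  # count nesting so an inner 'end' does not close the section
        elif tok[0] == "end" and depth:
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            current = entries.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and current is not None:
            current[tok[1]] = tok[2:]
    return entries

def audit(config):
    """Map each accept policy to (verdict, services), expanding groups one level."""
    groups = parse_section(config, "firewall service group")
    findings = {}
    for pid, policy in parse_section(config, "firewall policy").items():
        if policy.get("action", ["deny"])[0] != "accept":  # assumption: no action line = deny
            continue
        services = {m for name in policy.get("service", [])
                    for m in groups.get(name, {}).get("member", [name])}
        verdict = "UNRESTRICTED" if services & WIDE_OPEN else "restricted"
        findings[pid] = (verdict, sorted(services))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports policy 1 as unrestricted and policy 2 as restricted to the three grouped services.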